rec: Don't follow CNAME when fetching DNSKEYs
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 22 May 2017 16:25:55 +0000 (17:25 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 26 Jun 2017 10:24:46 +0000 (12:24 +0200)
pdns/syncres.cc

index 45a1551f8c07b87e9b6fad16640a4ed31ca3d359..c9070e3e528be498a023495e35b14fda44daa254 100644 (file)
@@ -1596,7 +1596,11 @@ vState SyncRes::getDNSKeys(const DNSName& signer, skeyset_t& keys, unsigned int
   LOG("Retrieving DNSKeys for "<<signer<<endl);
 
   vState state = Indeterminate;
+  /* following CNAME might lead to us to the wrong DNSKEY */
+  bool oldSkipCNAME = d_skipCNAMECheck;
+  d_skipCNAMECheck = true;
   int rcode = doResolve(signer, QType(QType::DNSKEY), records, depth + 1, beenthere, state);
+  d_skipCNAMECheck = oldSkipCNAME;
 
   if (rcode == RCode::NoError) {
     if (state == Secure) {
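Review bot: The restore of `d_skipCNAMECheck` after the `doResolve()` call is not exception-safe. If `doResolve()` can throw (not visible in this hunk, worth confirming), the flag stays `true` on this `SyncRes` object and later lookups made through it would silently skip CNAME handling. Restoring the saved value on the exceptional path too, with a try/catch that rethrows or a small scope guard, keeps the override confined to the DNSKEY fetch. The added comment could also state the reason more precisely, e.g. `/* the DNSKEY set must be the one owned by signer itself, so do not follow a CNAME to another name */`. getDNSKeys starts and ends outside the hunk.

```cpp
  bool oldSkipCNAME = d_skipCNAMECheck;
  d_skipCNAMECheck = true;
  int rcode;
  try {
    rcode = doResolve(signer, QType(QType::DNSKEY), records, depth + 1, beenthere, state);
  }
  catch (...) {
    /* do not leave the override set for later lookups on this object */
    d_skipCNAMECheck = oldSkipCNAME;
    throw;
  }
  d_skipCNAMECheck = oldSkipCNAME;
  // … unchanged: rcode / state handling …
```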